Common Weakness Enumeration

CWE-674

Allowed-with-Review

Uncontrolled Recursion

Abstraction: Class · Status: Draft

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

616 vulnerabilities reference this CWE, most recent first.

CVE-2025-66031 (GCVE-0-2025-66031)

Vulnerability from cvelistv5 – Published: 2025-11-26 22:23 – Updated: 2025-11-28 18:27
VLAI
Title
node-forge ASN.1 Unbounded Recursion
Summary
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
digitalbazaar forge Affected: < 1.3.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T18:26:11.800439Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T18:27:06.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "forge",
          "vendor": "digitalbazaar",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-26T22:23:26.013Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
        },
        {
          "name": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
        }
      ],
      "source": {
        "advisory": "GHSA-554w-wpv2-vw27",
        "discovery": "UNKNOWN"
      },
      "title": "node-forge ASN.1 Unbounded Recursion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66031",
    "datePublished": "2025-11-26T22:23:26.013Z",
    "dateReserved": "2025-11-21T01:08:02.614Z",
    "dateUpdated": "2025-11-28T18:27:06.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61766 (GCVE-0-2025-61766)

Vulnerability from cvelistv5 – Published: 2025-10-06 16:07 – Updated: 2025-10-06 17:16
VLAI
Title
Bucket vulnerable to infinite recursion when querying a bucket using the != operator
Summary
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or increased memory consumption, potentially leading to a denial of service. Version 1.0.0 contains a patch for the issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-06T17:01:32.362623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-06T17:16:30.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mediawiki-extensions-Bucket",
          "vendor": "weirdgloop",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP\u0027s call stack limit exceeding, and/or increased memory consumption, potentially leading to a denial of service. Version 1.0.0 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-06T16:07:04.126Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/security/advisories/GHSA-r9f2-4jh3-659j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/security/advisories/GHSA-r9f2-4jh3-659j"
        },
        {
          "name": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/6f4a71d531cb802cdb991d2a4ca7bf8fb691defd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/6f4a71d531cb802cdb991d2a4ca7bf8fb691defd"
        },
        {
          "name": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/blob/ad704120a1660b5929fb5825db1cf85c9c77acf4/includes/Expression/MemberOfExpression.php#L34",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/blob/ad704120a1660b5929fb5825db1cf85c9c77acf4/includes/Expression/MemberOfExpression.php#L34"
        }
      ],
      "source": {
        "advisory": "GHSA-r9f2-4jh3-659j",
        "discovery": "UNKNOWN"
      },
      "title": "Bucket vulnerable to infinite recursion when querying a bucket using the != operator"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61766",
    "datePublished": "2025-10-06T16:07:04.126Z",
    "dateReserved": "2025-09-30T19:43:49.900Z",
    "dateUpdated": "2025-10-06T17:16:30.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59789 (GCVE-0-2025-59789)

Vulnerability from cvelistv5 – Published: 2025-12-01 10:22 – Updated: 2025-12-01 15:05
VLAI
Title
Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser
Summary
Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser uses a recursive parsing method by default. If the input json has a large depth of recursive structure, the parser function may run into stack overflow. Affected Scenarios: Use bRPC server with protobuf message to serve http+json requests from untrusted network. Or directly use JsonToProtoMessage to convert json from untrusted input. How to Fix: (Choose one of the following options)  1. Upgrade bRPC to version 1.15.0, which fixes this issue. 2. Apply this patch: https://github.com/apache/brpc/pull/3099 Note: No matter which option you choose, you should know that the fix introduces a recursion depth limit with default value 100. It affects these functions:  ProtoMessageToJson, ProtoMessageToProtoJson, JsonToProtoMessage, and ProtoJsonToProtoMessage. If your requests contain json or protobuf messages that have a depth exceeding the limit, the request will be failed after applying the fix. You can modify the gflag json2pb_max_recursion_depth to change the limit.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache bRPC Affected: 0 , < 1.15.0 (semver)
Create a notification for this product.
Credits
Tyler Zars
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-01T11:05:54.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/01/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-59789",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-01T15:04:16.305638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-01T15:05:18.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache bRPC",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tyler Zars"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Uncontrolled recursion in the json2pb component in Apache bRPC (version \u0026lt; 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data.\u003cbr\u003e\u003cbr\u003eRoot Cause:\u003cbr\u003eThe bRPC\u0026nbsp;json2pb component uses rapidjson to parse json data from the network. The rapidjson parser uses a recursive parsing method by default. If the input json has a large depth of recursive structure, the parser function may run into stack overflow.\u003cbr\u003e\u003cbr\u003eAffected Scenarios:\u003cbr\u003eUse bRPC server with protobuf message to serve http+json requests from untrusted network. Or directly use\u0026nbsp;JsonToProtoMessage to convert json from\u0026nbsp;untrusted input.\n\n\u003cbr\u003e\u003cbr\u003eHow to Fix: \u003cbr\u003e(\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eChoose one of the following options)\u0026nbsp;\u003c/span\u003e\u003cbr\u003e1. Upgrade bRPC to version 1.15.0, which fixes this issue.\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2. Apply this patch: \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/apache/brpc/pull/3099\"\u003ehttps://github.com/apache/brpc/pull/3099\u003c/a\u003e\n\n\u003cbr\u003e\u003cbr\u003eNote:\u003cbr\u003eNo matter which option \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eyou choose\u003c/span\u003e, you should know that the fix introduces a recursion depth limit with default value 100. It affects these functions:\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProtoMessageToJson, ProtoMessageToProtoJson, JsonToProtoMessage, and ProtoJsonToProtoMessage.\u003c/span\u003e\n\n If your requests contain json or protobuf messages that have a depth exceeding the limit, the request will be failed after applying the fix. You can modify the gflag json2pb_max_recursion_depth to change the limit."
            }
          ],
          "value": "Uncontrolled recursion in the json2pb component in Apache bRPC (version \u003c 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data.\n\nRoot Cause:\nThe bRPC\u00a0json2pb component uses rapidjson to parse json data from the network. The rapidjson parser uses a recursive parsing method by default. If the input json has a large depth of recursive structure, the parser function may run into stack overflow.\n\nAffected Scenarios:\nUse bRPC server with protobuf message to serve http+json requests from untrusted network. Or directly use\u00a0JsonToProtoMessage to convert json from\u00a0untrusted input.\n\n\n\nHow to Fix: \n(Choose one of the following options)\u00a0\n1. Upgrade bRPC to version 1.15.0, which fixes this issue.\n2. Apply this patch:  https://github.com/apache/brpc/pull/3099 \n\n\n\nNote:\nNo matter which option \n\nyou choose, you should know that the fix introduces a recursion depth limit with default value 100. It affects these functions:\u00a0\n\nProtoMessageToJson, ProtoMessageToProtoJson, JsonToProtoMessage, and ProtoJsonToProtoMessage.\n\n If your requests contain json or protobuf messages that have a depth exceeding the limit, the request will be failed after applying the fix. You can modify the gflag json2pb_max_recursion_depth to change the limit."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "critical"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T10:22:41.697Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/ozmcsztcpxn61jxod8jo8q46jo0oc1zx"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-59789",
    "datePublished": "2025-12-01T10:22:41.697Z",
    "dateReserved": "2025-09-20T06:17:58.940Z",
    "dateUpdated": "2025-12-01T15:05:18.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59364 (GCVE-0-2025-59364)

Vulnerability from cvelistv5 – Published: 2025-09-14 00:00 – Updated: 2025-09-15 15:57
VLAI
Summary
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59364",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-15T15:57:46.719289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-15T15:57:53.693Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Express XSS Sanitizer",
          "vendor": "Express XSS Sanitizer project",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:express_xss_sanitizer_project:express_xss_sanitizer:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "2.0.0",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-14T22:27:39.742Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/AhmedAdelFahim/express-xss-sanitizer"
        },
        {
          "url": "https://www.npmjs.com/package/express-xss-sanitizer"
        },
        {
          "url": "https://gist.github.com/Spendroslav/177804eaef5acfb222a550de212a1b94"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59364",
    "datePublished": "2025-09-14T00:00:00.000Z",
    "dateReserved": "2025-09-14T00:00:00.000Z",
    "dateUpdated": "2025-09-15T15:57:53.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-57809 (GCVE-0-2025-57809)

Vulnerability from cvelistv5 – Published: 2025-08-25 21:22 – Updated: 2025-08-26 20:19
VLAI
Title
XGrammar affected by Denial of Service by infinite recursion grammars
Summary
XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
mlc-ai xgrammar Affected: < 0.1.21
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-57809",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T20:19:08.061700Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T20:19:34.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xgrammar",
          "vendor": "mlc-ai",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.1.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-25T21:22:00.226Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-5cmr-4px5-23pc"
        },
        {
          "name": "https://github.com/mlc-ai/xgrammar/issues/250",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mlc-ai/xgrammar/issues/250"
        },
        {
          "name": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mlc-ai/xgrammar/commit/b943feacb5a1caf4d39de8ec3bf7c7ce066dcee5"
        }
      ],
      "source": {
        "advisory": "GHSA-5cmr-4px5-23pc",
        "discovery": "UNKNOWN"
      },
      "title": "XGrammar affected by Denial of Service by infinite recursion grammars"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-57809",
    "datePublished": "2025-08-25T21:22:00.226Z",
    "dateReserved": "2025-08-20T14:30:35.010Z",
    "dateUpdated": "2025-08-26T20:19:34.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-55095 (GCVE-0-2025-55095)

Vulnerability from cvelistv5 – Published: 2026-01-27 15:34 – Updated: 2026-01-27 15:58
VLAI
Summary
The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED), the code invokes: _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...)); There is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
  • CWE-674 - Uncontrolled Recursion
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse ThreadX - USBX Affected: 0 , ≤ 6.4.2 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55095",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T15:57:28.543629Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-27T15:58:14.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Eclipse ThreadX - USBX",
          "repo": "https://github.com/eclipse-threadx/usbx",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "6.4.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The function \u003ccode\u003e_ux_host_class_storage_media_mount()\u003c/code\u003e\u0026nbsp;is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition.\u003cbr\u003e\u003cbr\u003eThis recursion occurs in \u003ccode\u003e_ux_host_class_storage_partition_read()\u003c/code\u003e, which parses up to four partition entries. If an extended partition is found (with type \u003ccode\u003eUX_HOST_CLASS_STORAGE_PARTITION_EXTENDED\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eEXTENDED_LBA_MAPPED\u003c/code\u003e), the code invokes:\u003cbr\u003e\u003ccode\u003e\u003ccode\u003e            _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...));\u003cbr\u003e\n\u003c/code\u003e\u003c/code\u003e\u003cbr\u003eThere is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "The function _ux_host_class_storage_media_mount()\u00a0is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition.\n\nThis recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED\u00a0or EXTENDED_LBA_MAPPED), the code invokes:\n            _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...));\n\n\nThere is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121  Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T15:34:47.755Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-qfmp-wch9-rpv2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2025-55095",
    "datePublished": "2026-01-27T15:34:47.755Z",
    "dateReserved": "2025-08-06T18:56:43.458Z",
    "dateUpdated": "2026-01-27T15:58:14.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54858 (GCVE-0-2025-54858)

Vulnerability from cvelistv5 – Published: 2025-10-15 13:55 – Updated: 2026-02-26 16:57
VLAI
Title
BIG-IP Advanced WAF and ASM vulnerability
Summary
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
f5
References
Impacted products
Vendor Product Version
F5 BIG-IP Affected: 17.5.0 , < 17.5.1.3 (custom)
Affected: 17.1.0 , < 17.1.3 (custom)
Affected: 16.1.0 , < 16.1.6.1 (custom)
Affected: 15.1.0 , < 15.1.10.8 (custom)
Create a notification for this product.
Date Public
2025-10-15 14:00
Credits
F5
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54858",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T03:56:56.305285Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:57:38.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ASM",
            "Advanced WAF"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "17.5.1.3",
              "status": "affected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.3",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1.6.1",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1.10.8",
              "status": "affected",
              "version": "15.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2025-10-15T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the \u003c/span\u003e\u003cstrong\u003ebd\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;process to terminate.\u003c/span\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e"
            }
          ],
          "value": "When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd\u00a0process to terminate.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T13:55:51.946Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000156621"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP Advanced WAF and ASM vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2025-54858",
    "datePublished": "2025-10-15T13:55:51.946Z",
    "dateReserved": "2025-10-03T23:04:38.066Z",
    "dateUpdated": "2026-02-26T16:57:38.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53864 (GCVE-0-2025-53864)

Vulnerability from cvelistv5 – Published: 2025-07-11 00:00 – Updated: 2025-09-23 18:38
VLAI
Summary
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Connect2id Nimbus JOSE+JWT Affected: 0 , < 10.0.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53864",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T13:28:35.322634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:28:38.382Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nimbus JOSE+JWT",
          "vendor": "Connect2id",
          "versions": [
            {
              "lessThan": "10.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T18:38:15.547Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested"
        },
        {
          "url": "https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0"
        },
        {
          "url": "https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b"
        },
        {
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f7fb882cc08f027c9ceb874acec3b51c6222861c"
        },
        {
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/593/back-port-cve-2025-53864-fix-to-9x-branch"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-53864",
    "datePublished": "2025-07-11T00:00:00.000Z",
    "dateReserved": "2025-07-11T00:00:00.000Z",
    "dateUpdated": "2025-09-23T18:38:15.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53605 (GCVE-0-2025-53605)

Vulnerability from cvelistv5 – Published: 2025-07-05 00:00 – Updated: 2025-07-08 14:35
VLAI
Summary
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
stepancheg protobuf Affected: 0 , < 3.7.2 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53605",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T13:10:30.648808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T14:35:48.796Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "protobuf",
          "vendor": "stepancheg",
          "versions": [
            {
              "lessThan": "3.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-05T00:53:48.153Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/stepancheg/rust-protobuf/issues/749"
        },
        {
          "url": "https://rustsec.org/advisories/RUSTSEC-2024-0437"
        },
        {
          "url": "https://crates.io/crates/protobuf"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-53605",
    "datePublished": "2025-07-05T00:00:00.000Z",
    "dateReserved": "2025-07-05T00:00:00.000Z",
    "dateUpdated": "2025-07-08T14:35:48.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48924 (GCVE-0-2025-48924)

Vulnerability from cvelistv5 – Published: 2025-07-11 14:56 – Updated: 2025-11-04 22:06
VLAI
Title
Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
OSS-Fuzz Issue 42522972
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-14T16:36:59.432024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-14T16:37:02.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T22:06:40.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/11/1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unknown",
          "packageName": "commons-lang:commons-lang",
          "product": "Apache Commons Lang",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.6",
              "status": "affected",
              "version": "2.0",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-lang3",
          "product": "Apache Commons Lang",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.18.0",
              "status": "affected",
              "version": "3.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "OSS-Fuzz Issue 42522972"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUncontrolled Recursion vulnerability in Apache Commons Lang.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons Lang: Starting with\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons-lang:commons-lang\u0026nbsp;\u003c/span\u003e2.0 to 2.6, and, from org.apache.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommons:commons-lang3 3.0 before\u0026nbsp;\u003c/span\u003e3.18.0.\u003c/p\u003e\u003cp\u003eThe methods ClassUtils.getClass(...) can throw\u0026nbsp;StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u0026nbsp;cause an application to stop.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \nStackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T14:56:58.049Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48924",
    "datePublished": "2025-07-11T14:56:58.049Z",
    "dateReserved": "2025-05-28T15:06:51.476Z",
    "dateUpdated": "2025-11-04T22:06:40.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation

Ensure that an end condition will be reached under all logic conditions. The end condition may include checking against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.

Mitigation
Implementation

Increase the stack size.

CAPEC-230: Serialized Data with Nested Payloads

Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.

CAPEC-231: Oversized Serialized Data Payloads

An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.